Abusive content on a store built with WooCommerce

WooCommerce is a free, open-source software product that is available for anyone to download and use with their self-hosted WordPress site.

While this means a lot of wonderful products are sold through our software, the open-source and distributed nature of WooCommerce means that there may also be stores using the platform for purposes that are malicious or that otherwise do not align with our values.

Our options for addressing these situations are limited. In effect, WooCommerce is similar to software such as Microsoft Word, in that people download it and use it independently, and it’s impossible for Microsoft to restrict that usage based on the contents of a document.

Before opening a report with us, please note that our ability to take action will depend on where the site is hosted. 

If the site is hosted on Automattic servers, we will be able to take a closer look, review the report provided, and take the necessary measures. These sites are often WordPress.com members, recognizable by the “Powered by WordPress.com” message displayed in the footer of their page.

To report these sites, go to the WordPress.com abuse report page. This form only accepts WordPress.com sites and is an easy way to confirm whether or not we host the site.

If the site is self-hosted, WooCommerce.com does not have access to the store in question. These sites typically download our plugin and upload it to a third-party hosting environment.

Please note: This means that we do not have the capability to remove the malicious content or remove the store from the site.

Upon receiving abuse reports for self-hosted sites, we may:

• Cancel or disconnect their WooCommerce.com accounts. This means that the store cannot get support or automated updates for extensions purchased from WooCommerce.com. As these are paid subscriptions, they are subject to our Terms of Service.
• Refuse support. If a store does not comply with our Terms of Service, we will not assist them in any way. This includes (but is not limited to) questions surrounding accounts, pre-sales, or technical questions.

If you find such a website, you can open a support request with us. We will evaluate the abusive content and take appropriate action. 

Additional reporting can be done by directly contacting the site’s hosting company, shipping provider, and payment gateway.

Send a report to the hosting company and/or the domain registrar for the site. WooCommerce software needs to be used with a hosting company to work. These companies will also have additional terms and conditions that the site may not comply with. You may wish to try reporting the content to them directly. 

• Hosting company: The place that has the site’s data on its servers. To find the hosting provider, go to WhoisHostingthis.com and enter the site address.

• Domain registrar: The company where the URL (site address) is registered. To find the domain registrar, go to Whois.com and enter the site address. Sometimes this also shows an email address for reporting abuse.

Automattic may be the host of the site that is being reported. If so, please let us know using the WordPress.com abuse reporting form.

Most WooCommerce stores connect with a payment and/or shipping provider. These providers have regulations on which products can be sold using their tools, and abusive content will likely not be permitted. 

• If you are not a developer: In many cases, the site’s checkout page will display their payment or shipping provider information. For example, the checkout page might mention Stripe or PayPal as payment options, or USPS and Canada Post as shipping options.
• If you are a developer: Using dev tools to inspect the checkout page will likely tell you which software is used for payments and shipping, even if it’s not explicitly mentioned on the page.